Internal Audit Charter

nbn-Confidential: INTERNAL + RESTRICTED ACCESS ONLY | 24 May 2022

Owner: General Manager Internal Audit and Fraud

nbn co limited (nbn) has established an Internal Audit function as a key component of its governance
framework.
This Charter provides the framework for nbn’s Internal Audit function and has been endorsed by the
Audit and Risk Committee at its meeting held 5 May 2022 and approved by the Board at the Board
meeting held on 24 May 2022.

PURPOSE OF INTERNAL AUDIT

Internal Audit provides independent and objective assurance and consulting activities designed to add
value and improve nbn’s operations.
It helps nbn management and the Board, through the Audit and Risk Committee, accomplish its
objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of
transaction and asset management, risk management, control and governance processes.

AUTHORITY
Internal Audit is authorised to have full, free and unrestricted access to all functions, premises, assets,
personnel, records, and other documentation and information, within the law, that it considers
necessary to enable it to meet its responsibilities.
All records, documentation and information accessed in the course of undertaking internal audit
activities are to be used solely for the conduct of these activities. Internal Audit staff are responsible
and accountable for maintaining the confidentiality of the information they receive during the course
of their work.
Internal Audit will have free and unrestricted access to the Board of Directors and the Audit and Risk
Committee.

OBJECTIVITY
Internal Audit must be able to perform its duties in an objective manner and provide impartial advice
to management and the Audit and Risk Committee. As such, Internal Audit has no direct authority or
responsibility for the activities it reviews.
Internal Audit personnel will not assume responsibility for the design, installation, operation or control
of any procedures within the organisation, with the exception of the Internal Audit function and those
non-audit activities noted below.
The primary responsibility for managing risk, internal control and compliance with legislation,
regulations and ethics rests with management.
It is the responsibility of Internal Audit to communicate to the Chief Financial Officer (CFO) and Audit
and Risk Committee any perceived or potential conflicts of interest that may compromise the
objectivity of Internal Audit.
Refer to the “Internal Audit Co-Sourced Provider Independence and Conflict Protocols” (approved by
the Audit and Risk Committee on 5 May 2022).

© 2022 nbn co limited | ABN 86 136 533 741 Page 1 of 6

nbn-Confidential: INTERNAL-RESTRICTED-ACCESS-ONLY Uncontrolled when printed
STRUCTURE
nbn’s Chief Audit Executive is the General Manager Internal Audit and Fraud. Internal Audit staff will
report to the General Manager Internal Audit and Fraud who is responsible for the management of
any Internal Audit resources. The General Manager Internal Audit and Fraud reports administratively
to the CFO and functionally to the Audit and Risk Committee.
The Audit and Risk Committee has determined that the operation of nbn’s Internal Audit function is a
co-sourced model. The appointment of co-sourced Internal Audit providers will be in accordance with
nbn procurement policies and procedures. The Chair of the Audit and Risk Committee, CFO and
General Manager Internal Audit and Fraud will be evaluation panel members.

ROLES AND RESPONSIBILITIES

Internal Audit’s activities include the following areas:
A. Internal Audit Reviews: The scope of work of the Internal Audit function is to determine
whether the governance, risk management and control processes of nbn, as designed and
represented by management, are adequate and functioning in a manner to provide a
reasonable level of confidence over the control environment.
This includes conducting the following activities:
• Compliance:
• Reviewing compliance with legislative requirements, Australian government and
nbn policies and procedures;
• Reviewing the adequacy and effectiveness of internal financial and operational
controls including IT system controls; and
• Reviewing the controls to safeguard, record, control and use of entity assets.
• Operational - assurance based reviews focussing on current risks and controls.
• Performance – performing reviews that focus on the efficiency, effectiveness, and
ethical conduct of nbn’s business.
• Investigations – investigating alleged frauds or other special investigations.
B. Advisory / Consulting Services: Internal Audit may advise management on a range of matters
subject to the objectivity requirements set out in this Charter.
C. Audit Support Activities: Internal Audit is also responsible for:
• Assisting the Audit and Risk Committee to discharge its responsibilities;
• Monitoring the implementation of agreed Internal Audit recommendations;
• Disseminating across the entity better practice and lessons learnt arising from its audit
activities; and
• Coordinating with other assurance related activities across nbn.
D. Integrated Assurance: Internal Audit will be a primary contributor to nbn’s Enterprise
Assurance Framework 1. This will require Internal Audit to:
• Work collaboratively with nbn’s assurance providers; and
• Inform the Audit and Risk Committee regarding relevant Integrated Assurance
activities and actions as required as they relate to Internal Audit.
E. Any other activity requested by the Audit and Risk Committee.

1 nbn’s “Enterprise Assurance Framework” is the organisation’s formal approach to integrate risk and assurance.

© 2022 nbn co limited | ABN 86 136 533 741 Page 2 of 6

nbn-Confidential: INTERNAL-RESTRICTED-ACCESS-ONLY Uncontrolled when printed
NON-AUDIT ACTIVITIES
The General Manager Internal Audit and Fraud has oversight responsibility for the Fraud
Management and Investigations function.

This includes, but is not limited to:

A. Fraud Management
• Developing, implementing and regularly reviewing a range of fraud and corruption
prevention, detection and response strategies;
• Maintaining the Fraud and Corruption Control Policy and the Fraud and Corruption
Control Plan; and
• Assisting management to identify and mitigate the risk of fraud and corruption and to
develop fraud prevention and monitoring strategies.
B. Investigations
• Fraud Management and Investigations may respond to, investigate and resolve
alleged instances of fraud and corruption, including reports made by the Fraud
Control Officer and under nbn's Whistle-blower regime.
C. Conflicts of Interest and Gifts and Benefits
• Coordinating the Conflicts of Interest process and maintaining the Conflicts of Interest
Register;
• Coordinating the Gifts or Benefits process and maintaining the Gifts or Benefits
Register; and
• Coordinating and maintaining other relevant registers as required.
D. Training and Awareness
• Fraud and Ethics training and awareness activities.

The primary responsibility for managing risk, applicable internal controls and compliance with relevant
legislation, regulations and ethics rests with nbn’s CFO and Chief Executive Officer. It is the
responsibility of all employees, contractors and third parties to promote and enhance fraud and
corruption control within nbn, and Senior Management are required to demonstrate an ethical tone
at the top in relation to nbn’s zero tolerance to fraud and corruption.

PLANNING
Internal Audit prepares an Annual Internal Audit Plan. Allocation of Internal Audit resources is based
on the annual plan that takes into account:
• nbn’s strategy and objectives;
• Strategic and Key Operational risks;
• Consultation with Executive Committee members;
• Other assurance coverage over key risks; and
• Requests by management and the Audit and Risk Committee.

An Annual Internal Audit Plan is developed in conjunction with management and senior executives
and is approved by the Audit and Risk Committee. The General Manager Internal Audit and Fraud, or
the Audit and Risk Committee, in conjunction with the CFO, may perform alterations to the Annual
Internal Audit Plan where deemed appropriate to do so. Material alterations to the Annual Internal
Audit Plan are subject to approval by the Audit and Risk Committee.

© 2022 nbn co limited | ABN 86 136 533 741 Page 3 of 6

nbn-Confidential: INTERNAL-RESTRICTED-ACCESS-ONLY Uncontrolled when printed
Prior to an Internal Audit review is starting, a scope document will be prepared. This will be agreed
with relevant members of management and signed off in agreement with the scope of services to be
provided by Internal Audit.

REPORTING
An Internal Audit report will be issued for every review performed. All reports will be discussed with
management before they are issued. Discussions will include all relevant management for the area
under review. The report of each review will be provided to the Audit and Risk Committee, which
shall be responsible for ensuring the satisfactory outcome of reviews.

The General Manager Internal Audit and Fraud will report to the Audit and Risk Committee on:
• Audits completed, issues identified and their root causes;
• Progress in implementing the strategic business plan and audit work plan; and
• The status of the implementation of agreed Internal Audit recommendations.
Internal Audit will also report to the Audit and Risk Committee at least once annually on overall
perspectives on internal controls, root causes and any systemic issues requiring management
attention at nbn.

OTHER AUDITORS AND ASSURANCE PROVIDERS

Internal Audit will co-ordinate its work with other auditors and assurance providers as directed by the
Audit and Risk Committee, management and the guidance provided in the ‘Enterprise Assurance
Framework’.
Internal and external audit activities will be coordinated with the objective of ensuring adequacy of
overall audit coverage and minimising duplication of effort. External audit will have full and free access
to all relevant internal audit plans and working papers, and all internal audit reports.

STANDARDS OF AUDIT PRACTICE

The internal audit activity will meet or exceed the mandatory guidance provided in the International
Professional Practices Framework (IPPF), published by the Institute of Internal Auditors: consisting of
the Definition of Internal Auditing, Core Principles for the Professional Practice, Code of Ethics and
International Standards and relevant Internal Audit related standards issued by:
• The Institute of Internal Auditors Australia (IIA)
• Certified Public Accountants (CPA) Australia
• Chartered Accountants Australia and New Zealand (CAANZ)
• Information Systems and Control Association (ISACA)
• Australian National Audit Office (ANAO).

In addition, Internal Audit staff are expected to:

• Comply with relevant professional standards of conduct;
• Possess the knowledge, skills and technical proficiency relevant to the performance of their
duties;
• Be skilled in dealing with people and communicating audit, risk management and related
issues effectively;
• Maintain their technical competence through a programme of professional development; and
• Exercise due professional care in performing their duties.

© 2022 nbn co limited | ABN 86 136 533 741 Page 4 of 6

nbn-Confidential: INTERNAL-RESTRICTED-ACCESS-ONLY Uncontrolled when printed
QUALITY ASSURANCE PROGRAM

Internal Audit will maintain a quality assurance and improvement program that covers all aspects of
the Internal Audit activities. The Internal Audit function's assessment of its performance and
effectiveness through its Quality Assurance and Improvement Program 2 will be reviewed annually by
the Audit and Risk Committee, including compliance with the Institute of Internal Auditors' IPPF.
Internal Audit’s Quality Assurance and Improvement Program (QAIP) provides assurance to the ARC,
Executive Committee (ExCo), and senior management that Internal Audit work is performed in
accordance with the Internal Audit Charter and the Professional Standards. This is also to provide
assurance that Internal Audit work is operating in an effective and efficient manner and is perceived
by key stakeholders as adding value to nbn. Any findings and recommendations from the QAIP will be
followed-up by the General Manager Internal Audit and Fraud to ensure that appropriate action plans
are developed and implemented in a reasonable timeframe.

A qualified, independent assessor or assessment team from outside the organisation will conduct a
full external assessment every three years. The assessment will consist of a broad scope of coverage
including:
• Conformance with the IPPF and Internal Audit’s Charter, policies, procedures, and any
applicable legislative and regulatory requirements;
• Expectations of Internal Audit as expressed by the ARC, ExCo and senior management;
• Integration of the Internal Audit activity into nbn’s governance and assurance processes;
• The mix of knowledge, experience, and disciplines within the audit team; and
• A determination of whether Internal Audit adds value and improves nbn’s operations.

Results of external assessments will be provided to the ARC and CFO at the completion of each three
yearly review. The external assessment report will be accompanied by a written action plan in
response to significant comments and recommendations contained in the report. The last external
assessment was conducted in July 2021 with results tabled at the August 2021 ARC meeting. The next
external assessment is scheduled for 2024.

REVIEW
The Internal Audit Charter will be reviewed annually to ensure it remains consistent with nbn’s
strategy and objectives and the Audit and Risk Committee Charter. The results of this review will be
reported to the Audit and Risk Committee. Any significant changes must be approved by the Audit
and Risk Committee.

PUBLICATION
A copy of this Charter is publicly available on the nbn website :
https://www.nbnco.com.au/corporate-information/about-nbn-co/governance/risk-management
Mark Trajcevski
General Manager Internal Audit and Fraud
Effective as of 24 May 2022

2 As defined in the International Standards for the Professional Practice of Internal Auditing issued by the Institute of Internal Auditors published 1 January 2017.

© 2022 nbn co limited | ABN 86 136 533 741 Page 5 of 6

nbn-Confidential: INTERNAL-RESTRICTED-ACCESS-ONLY Uncontrolled when printed
Document control
Charter owner nbn Board of Directors

Document number Not applicable

Issue date 24 May 2022

Review date May 2023

Classification nbn-Confidential:INTERNAL-RESTRICTED-ACCESS-ONLY

Status Final

Policy author Mark Trajcevski, General Manager Internal Audit and Fraud

Policy approver nbn Board of Directors

Email marktrajcevski@nbnco.com.au

Department or business unit Internal Audit

Approval table
nbn Meeting no. Meeting date Agenda item no.
Board 159 24 May 2022 17.1
Audit and Risk Committee 68 05 May 2022 6.2
Board 149 18 May 2021 12.4
Audit and Risk Committee 63 06 May 2021 6.2
Board 138 19 May 2020 14.2
Audit and Risk Committee 58 07 May 2020 6.2
Board 128 21 May 2019 14.2
Board 117 22 May 2018 17.3
Board 107 23 May 2017 13.1
Board 98 21 June 2016 17.1
Board 86 16 June 2015 14
Board 73 03 June 2014 13
Board 59 11 July 2013 26
Audit and Risk Committee 14 17 May 2012 06a
Audit and Risk Committee 09 19 May 2011 05a
Audit and Risk Committee 04 19 May 2010 07

© 2022 nbn co limited | ABN 86 136 533 741 Page 6 of 6

nbn-Confidential: INTERNAL-RESTRICTED-ACCESS-ONLY Uncontrolled when printed